REMARKS

The Examiner has rejected [illegible] under 35 U.S.C. 112, first paragraph, as
failing to comply with the written description requirement. More specifically, the
Examiner has argued that they were unable to find support for this limitation in [the]
original disclosure. Applicant respectfully disagrees and respectfully directs the
Examiner's attention to Page 15, lines 7-10, which disclose that "the scanning engine is
invoked for each device the customer service 102 has registered in the customer
information database 304 according to the schedule requested for that device" and that "[i]n
one example, customers are offered five possible [illegible] times to schedule scans of their
service 102" (emphasis added). Of course, the above citations are merely examples of
the above claim language and should not be construed as limiting in any manner.

The Examiner has rejected Claims 1, 2, 9, 21, 27-30, 35, 38-39, and 41-45 under
35 U.S.C. 103(a) as being unpatentable over Khaishgi et al. (U.S. Patent No. 6,658,394),
in view of Guirguis ("Network- and Host-Based Vulnerability Assessments: An
Introduction to a Cost Effective and Easy to Use Strategy"), further in view of Tiso
("Automated Security Scanning"), and further in view of Bunker, V et al. (U.S. Patent
Publication No. 2003/0028803). Applicant respectfully disagrees with such rejection.

With respect to the independent claims, the Examiner has relied on Page 2,
second paragraph, and Page 6, Section 3.1.4 from the Guirguis reference to make a prior
art showing of applicant's claimed technique "wherein the scanning produces a set of
XML files including information about open ports, available service, network protocols,
security exposures and vulnerabilities associated with a device providing the on-line
service" (see this or similar, but not necessarily identical language in the independent
claims).

Applicant respectfully notes that the above excerpts relied on by the Examiner
merely disclose that "professionals can use both network- and host-based vulnerability
assessments (VAs) to obtain a complete evaluation of the security risks of the system(s)
under investigation," where vulnerability assessments "point out which systems are
noncompliant with the company security policies" in addition to "locat[ing] which
systems are vulnerable, [illegible] are vulnerable and
suggest[ing] the best method for repairing the vulnerabilities (i.e. it recommends which
patch or software version should be used/applied)" (Page 2, second paragraph - emphasis
added).

Additionally, the excerpts disclose that "Nessus network VA reports... provide a
complete overview of the target system's vulnerabilities" and "include a list of open ports,
detected services associated with these ports and vulnerabilities associated with these
services along with suggested fixes with related CVE identifications and BID
identifications," in addition to disclosing that "[e]ach problem detected by Nessus is
categorized into one of four severity levels," where "Nessus categorizes high severity
problems as security holes, while medium/low severity problems as warnings and finally
informational problems as open ports" (Section 3.1.4, first paragraph - emphasis added).
Further, the excerpts disclose that "[t]he assessment results can either be exported into
different formats such as NSR, Extended NSR, SQL command File, CSV, ASCII text,
HTML, XML, and Adobe PDF files, or stored in a central MySQL database" (Section
3.1.4, second paragraph).

However, merely evaluating security risks of a system by identifying
noncompliant systems and vulnerable services or components, where vulnerability
assessment reports provide an overview of a system's vulnerabilities and include detected
open ports, services associated with the ports, and vulnerabilities associated with the
services, as in Guirguis, fails to disclose a technique "wherein the scanning produces a set
of XML files including information about open ports, available service, network
protocols, security exposures and vulnerabilities associated with a device providing the
on-line service" (emphasis added), as claimed by applicant. Merely disclosing a
vulnerability assessment report which includes detected open ports, services associated
with the ports, and vulnerabilities associated with the services, as in Guirguis, fails to
disclose a technique "wherein the scanning produces a set of XML files including...
network protocols... associated with a device providing the on-line service" (emphasis
added), as specifically claimed by applicant.

To establish a prima facie case of obviousness, three basic criteria must be met.
First, there must be some suggestion or motivation, either in the references themselves or
in the knowledge generally available to one of ordinary skill in the art, to modify the
reference or to combine reference teachings. Second, there must be a reasonable
expectation of success. Finally, the prior art reference (or references when combined)
must teach or suggest all the claim limitations. The teaching or suggestion to make the
claimed combination and the reasonable expectation of success must both be found in the
prior art and not based on applicant's disclosure. In re Vaeck, 947 F.2d 488, 20 USPQ2d
1438 (Fed. Cir. 1991).

Applicant respectfully asserts that at least the third element of the prima facie
case of obviousness has not been met, since the prior art excerpts, as relied upon by the
Examiner, fail to teach or suggest all of the claim limitations, as noted above.

Applicant further notes that the prior art is also deficient with respect to the
dependent claims. For example, with respect to Claim 34, the Examiner has rejected the
same under 35 U.S.C. 103(a) as being unpatentable over Khaishgi, in view of Guirguis,
in view of Tiso, in view of Bunker, V, and further in view of "Nessus Scan Report"
(http://web.archive.org/web/20001217231600/www.nessus.org/demo/report.txt).

Specifically, the Examiner has relied on the following excerpt from the Nessus
Scan Report reference to make a prior art showing of applicant's claimed technique
"wherein the database stores the information about the open ports on the device providing
the online service, generic services expected to be running on the open ports, and actual
services running on the open ports, including a version and network message protocol
associated with the actual services."
"Information found on port ftp (21/tcp)

bonsai microsoft ftp service (version 4.0),
500 'get / http/1.0': command not understood"

Applicant respectfully notes that the above excerpt relied on by the Examiner
merely discloses information found on a particular port, including a service ("bonsai
microsoft ftp service") running on the port and the version of the service. However,
merely disclosing a service running on a particular port, as in the Nessus Scan Report
reference, fails to disclose a technique "wherein the database stores the information about
the open ports on the device providing the online service, generic services expected to be
running on the open ports, and actual services running on the open ports, including a
version and network message protocol associated with the actual services" (emphasis
added), as claimed by applicant. Merely disclosing a service running on a particular port,
as in the Nessus Scan Report reference, fails to disclose a technique "wherein the
database stores the information about... generic services expected to be running on the
open ports" (emphasis added), as specifically claimed by applicant.

Additionally, with respect to Claim 36, the Examiner has rejected the same under
35 U.S.C. 103(a) as being unpatentable over Khaishgi, in view of Guirguis, in view of
Tiso, in view of Bunker, V, and further in view of Blyth ("An XML-based architecture to
perform data integration and data unification in vulnerability assessments").

Specifically, the Examiner has relied on Page 16, first paragraph, as well as
Figures [illegible] and [illegible] (reproduced below) from the Blyth reference to make a prior art showing
of applicant's claimed technique "wherein the scanning engine parses the set of XML
files and stores records of the parsed set of XML files in the database in association with
an account number of a provider of the online service."
Applicant respectfully notes that the above excerpt relied on by the Examiner
merely discloses that "[t]he output from the port scanning tool, or the vulnerability
scanning tool, is used to create the XML document that is then passed to the parser,
which uses it to create a DOM tree," and that the "parser parses the XML documents
with reference to their document type definitions (DTD) to check that the XML...
documents are valid and well formed" (Page 16, first paragraph). Additionally, the
figures relied on by the Examiner merely disclose a parser, in addition to disclosing "an
example of the psxml and xmldb tools running in verbose mode," where "psxml is a
simple port scanning tool" and where an "XML document is... passed to the back-end
XML database system called xmldb" (Page 19, second paragraph, not specifically cited).

However, merely using output from a port or vulnerability scanning tool to create
an XML document that is parsed to check that the document is valid and well formed, in
addition to disclosing a port scanning tool and a back-end database system, as in Blyth,
fails to disclose a technique "wherein the scanning engine parses the set of XML files and
stores records of the parsed set of XML files in the database in association with an
account number of a provider of the online service" (emphasis added), as claimed.



